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APPENDIX A 
CLAIMS 

1 . (Cancelled) A method for achieving client to server end to end security guarantees, 
comprising: 

providing a secure communication between a client and a server employing an untrusted 
proxy by means of: 

employing said proxy between a said client and a said server to provide connection links 
between said client and said server; 

embedding a secure coprocessor for use as an agent of said client and/or said 

server which assures that said proxy cannot tamper with the functioning of said agent, said 

agent being a software program or hardware logic operating within the confines of said 

coprocessor; 

said proxy receiving a specific communication request from said client; 

said coprocessor is located at the site of said proxy and: (a) acts as a converter between at 
least one protocol said client supports, and at least one other protocol supported by said 
server, (b) guarantees that an application embedded in said coprocessor performs to a 
degree of security proscribed by said client and/or said server; 

said proxy forming an n-tuple for a specific communication; 

said proxy forwarding said n-tuple to said coprocessor; 

said coprocessor generating a response, including a directive to said n-tuple; 

said coprocessor sending said response to said proxy and 



PACE 4/18 * RCVD AT 4/11/2005 5:14:16 PM [Eastern Daylight Time] * 8VR:U8PTO-EFXRF-1/5 * DM8:8729306 * C61D:860 210 0700 * DURATION (mm-ss):05-58 



Apr 11 2005 4:12PM Law Offices of Thomas fl. (860) 210-0700 



said proxy implementing a directive; and 

employing the respective security protocols of said at least one protocol and said at least 
one other protocol. 

Claims 2 -4 (Canceled) 

Claim 5 (Canceled) A method as recited in claim 1 wherein the client is a pervasive computing 
device. 

Claim 6 (Canceled) A method as recited in claim 5 further comprising the step of adapting content 
supplied by the cheat to fit constraints of the server and/or the connection links. 

Claim 7 (Previously Presented) A method for providing secure communications on a network, the 
method comprising: 

providing a secure communication between a client and a server employing an untrusted proxy by 
means of: 

employing said proxy between said client and said server to provide connection links 
between said client and said server; 

embedding a secure coprocessor for use as an agent of said client and/or said 

server which assures that said proxy cannot tamper with the functioning of said agent, 

said agent being a software program or hardware logic operating within the confines of 

said coprocessor; 

said proxy receiving a specific communication request from said client; 

said coprocessor is located at the site of said proxy and: (a) acts as a converter between at 
least one protocol said client supports, and at least one other protocol supported by said 
server, (b) guarantees that an application embedded in said coprocessor performs to a 
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degree of security proscribed by said client and/or said server; 
said proxy forming an n-tuple for a specific communication; 
said proxy forwarding said n-tuple to said coprocessor; 
said coprocessor generating a response, including a directive to said n-tuple; 
said coprocessor sending said response to said proxy and 
said proxy implementing a directive; and 

employing the respective security protocols of said at least one protocol and said at least 
one other protocol; 

splicing a plurality of secure communication protocols of different protocol suites into the 
agent, wherein the step of splicing a plurality of secure communication protocols is a security 
protocol of a Wireless Application Protocol Suite (WAP) to that of an Internet Protocol (IP) 
device. 

Claim 8 (Canceled) A method as recited in claim 7 wherein the step of splicing includes splicing a 
security protocol of a Wireless Application Protocol Suite (WAP) to that of an Internet Protocol 
(IP) device. 

Claim 9 (Previously Presented) A method as recited in claim 7 wherein the Wireless Application 
Protocol suite is used by a pervasive computing device. 

Claim 1 0 (Previously Presented) A method as recited in claim 9 further comprising the agent 
performing at least one content adaptation function. 
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Claim 1 1 (Previously presented) A method as recited in claim 1 0, wherein the step of performing 
includes maintaining communication privacy. 

Claim 12 (Previously Presented) A method as recited in claim 10, further comprising maintaining 
a state of splicing process resulting from the step of splicing. 

Claim 13 (Previously presented) A method as recited in claim 12, wherein the step of maintaining 
includes employing a storage device external to the proxy, and using cryptographic means to 
encrypt the state. 

Claim 14 (Canceled) A method for providing network security to a network employing a proxy, 

the method comprising: 

embedding a trusted application in a secure coprocessor located at the site of a proxy; and 
delegating to a network infrastructure a task of enforcing a trust model. 

Claim 15 (Canceled) A method as recited in claim 14, further comprising guaranteeing that the 
application is trusted to enforce th trust model between at least one server and a plurality of 
clients. 

Claim 16 (Canceled) A method as recited in claim 14, further comprising assuring the tamper 
resistance of the application. 

Claim 17 (Canceled) A method for secure communication between a client and a server 
employing an untrusted proxy; the method comprising: 
embedding a coprocessor at the proxy; 

the proxy receiving a specific communication request from a client; 

the proxy forming an n-tuple for the specific communication; 

the proxy forwarding the n-tuple to the coprocessor; 

the coprocessor generating a response, including a directive, to the n-tuple; 

the coprocessor sending the response to the proxy, and 
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the proxy implementing the directive. 

Claim 1 8 (Canceled) A method of claim 1 7, wherein the: coprocessor is a secure coprocessor. 

Claim 19 (Canceled) A method of claim 17, wherein the step of receiving includes: 
awaiting a connection request from a client; 
creating an entry in a storage module for the client; 
determining a sender of each received packet; and 
retrieving a stored entry. 

Claim 20 (Canceled) A method of claim 19, wherein the n-tuple includes a sender id, an entry 
from a storage module and the received packet. 

Claim 2 1 (Canceled) A method of claim 1 7, wherein the client and the server can be either a 
sender or a receiver, and the step of generating includes employing a first protocol from the sender 
to the proxy and a second protocol from the proxy to the receiver and translating between the first 
and second protocols* 

Claim 22 (Canceled) A method of claim 21, wherein the translating includes decrypting the 
received packet as specified by the security parameters negotiated as per the first protocol and 
encrypting the decrypted packet as specified by the security parameters of the second protocol. 

Claim 23 (Canceled) A method of claim 21, wherein the translating includes modifying the 
received packet to meet constraints of the receiver and wherein the directive includes forwaiding 
to the receiver the packet resulting from the step of modifying. 

Claim 24 (Canceled) A method as recited in claim 23, further comprising aggregating a plurality 
of packets into a group of packets and performing content adaptation on the group of packets. 



PAGE 8/18 * RCVD AT 4/11/2005 5:14:16 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-1/5 * DNI8:8729306 * C8ID:860 210 0700 ■ DURATION (mm-ss>:05<58 



Rpr 11 2005 4:13PM Law Offices of Thomas H • (860J 210-0700 p. 9 



Claim 25 (Canceled) A method of claim 17, wherein the communication between the client and 
the proxy employ protocols specified by the Wireless Application Protocol suite (WAP). 

Claim 26. (Canceled) A system to control security of a proxy interconnecting a client to a 
server, comprising: 

providing a secure communication between a client and a server employing an untrusted proxy by 
means of: 

employing said proxy between a said client and a said server to provide connection links 
between said client and said server; 

embedding a secure coprocessor for use as an agent of said client and/or said 

server which assures that said proxy cannot tamper with the functioning of said agent, said 

agent being a software program or hardware logic operating within the confines of said 

coprocessor; 

said proxy receiving a specific communication request from said client; 



said coprocessor is located at the site of said proxy and: (a) acts as a converter between at 
least one protocol said client supports, and at least one other protocol supported by said 
server, (b) guarantees that an application embedded in said coprocessor performs to a 
degree of security proscribed by said client and/or said server; 

said proxy forming an n-tuple for a specific communication; 

said proxy forwarding said n-tuple to said coprocessor; 

said coprocessor generating a response, including a directive to said n-tuple; 

said coprocessor sending said response to said proxy and 
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said proxy implementing a directive; and 

employing the respective security protocols of said at least one protocol and said at least 
one other protocol; 

said secure coprocessor, being used as an agent of the client and/or a server, said secure 
coprocessor being located at the site of said proxy ; said agent being a software program or 
hardware logic operating within the confines of said coprocessor and 

an application embedded in said secure coprocessor which acts as a converter between at 
least one protocol said client supports and at least one other protocol supported by said 
server, wherein said secure coprocessor employs respective security protocols of said at 
least one protocol and said at least one other protocol; said secure coprocessor also 
assuring that said proxy cannot tamper with the functioning of said agent, and 
guaranteeing that an application embedded in said coprocessor performs to a degree of 
security proscribed by said client and/or said server. 

Claims 27 - 29 (Canceled) 

Claim 30 (Canceled) A system as recited in claim 26, wherein the application embedded in the 
coprocessor adapts content supplied by the server to fit constraints of the client and the connection 
links. 

Claim 3 1 (Canceled) A system as recited in claim 30 wherein the application embedded in the 
coprocessor adapts content supplied by the client to fit constraints of the server and the connection 
links. 
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Claim 32 (Canceled) A system for providing network security to a network employing a proxy, 
the system comprising; 

a secure coprocessor located at the site of a proxy; and 

a trusted application embedded in the coprocessor wherein the coprocessor delegates the 
task of enforcing an arbitrary trust model to the application. 

Claim 33 (Canceled) A system as recited in claim 32, wherein the coprocessor functions to 
guarantee that the application is trusted to enforce the trust model between at least one server and 
a plurality of clients. 

Claim 34 (Canceled) A system as recited in claim 32, wherein the coprocessor functions to 
assure the tamper resistance of the application. 

Claim 35 « (Canceled) An article of manufacture comprising a computer usable medium 
having computer readable program code means embodied therein for achieving client to server 
end to end security guarantees, the computer readable program code means in said article of 
manufacture comprising computer readable program code means for causing a computer to effect: 
employing a proxy between a client and a server to provide connection links between said client 
and said server; 

providing a secure communication between a client and a server employing an untrusted 
proxy by means of: 

embedding a secure coprocessor for use as an agent of said client and/or said 

server which assures that said proxy cannot tamper with the functioning of said agent, said 

agent being a software program or hardware logic operating within the confines of said 

coprocessor; 

said proxy receiving a specific communication request from said client; 
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said coprocessor is located at the site of said proxy and: (a) acts as a converter between at 
least one protocol said client supports, and at least one other protocol supported by said 
server^ (b) guarantees that an application embedded in said coprocessor performs to a 
degree of security proscribed by said client and/or said server; 

said proxy forming an n-tuple for a specific communication; 

said proxy forwarding said n-tuple to said coprocessor; 

said coprocessor generating a response, including a directive to said n-tuple; 

said coprocessor sending said response to said proxy and 

said proxy implementing a directive; and 

employing the respective security protocols of said at least one protocol and said at least 
one other protocol; 

said coprocessor is located at said proxy and: (a) acts as a converter between at least one 
protocol said client supports, and at least one other protocol supported by said server, 
(b) and guarantees that an application embedded in said coprocessor performs to a degree 
of security proscribed by said client and/or said server; 

employing the respective security protocols of said at least one protocol and said at least 
one other protocol . 

Claim 36 (Canceled) An article of manufacture as recited in claim 35, the computer readable 
code means in said article of manufacture further comprising computer readable program code 
means for causing a computer to effect the coprocessor assuring that the proxy can not tamper 
with the functioning of the agent. 

Claim 37 (Canceled) 
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Claim 38. (Canceled) An article of manufacture comprising a computer usable medium 
having computer readable program code means embodied therein for achieving client to server 
end to end security guarantees, the computer readable program code means in said article of 
manufacture further comprising computer readable program code means for causing a computer to 

effect; 

employing a proxy between a client and a server to provide connection links between said 
client and said server; 

embedding a secure coprocessor for use as an agent of said client and/or said 

server which assures that said proxy cannot tamper with the functioning of said agent, said 

agent being a software program or hardware logic operating within the confines of said 

coprocessor; 

said coprocessor is located at said proxy site and: (a) acts as a converter between at least 
one protocol said client supports, and at least one other protocol supported by said server, 
£b) adapts content supplied by said server to fit constraints of said client and/or connection 
links. 

employing the respective security protocols of said at least one protocol and said at least 
one other protocol . 

Claim 39. (Canceled) An article of manufacture comprising a computer usable medium 
having computer readable program code means embodied therein for achieving client to server 
end to end securityguarantees, the computer readable program code means in said article of 
manufacture further comprising computer readable program code means for causing a computer to 
effect: 

employing a proxy between a client and a server to provide connection links between said 
client and said server; 
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embedding a secure coprocessor for use as an agent of said client and/or said 
server; 

said coprocessor is located at said proxy site and: (a) acts as a converter between at least 
one protocol said client supports, and at least one other protocol supported by said server, 
b) assures that said proxy cannot tamper with the functioning of said agent, and (c) adapts 
content supplied by said server to fit constraints of said server and connection links; 

employing the respective security protocols of said at least one protocol and said at least 
one other protocol „ 

Claim 40. (Previously Presented) A computer program product comprising a computer 
usable medium having computer readable program code means embodied therein for providing 
secure communication on a network, the computer readable program code means in said 
computer program product comprising computer readable program code means for causing a 
computer to effect: 

securely embedding an agent at the site of a proxy in the network, and 

splicing a security protocol of a Wireless Applications Protocol suite (WAP) to that of the 
Internet Protocol (IP) suite. 

Claim 41 (Canceled) 

Claim 42 . (Canceled) A computer program product comprising a computer usable medium 
having computer readable program code means embodied therein for providing secure 
communication on a network, the computer readable program code means in said computer 
program product comprising computer readable program code means for causing a computer to 
effect: 

securely embedding an agent at a proxy in the network, and 
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splicing a plurality of secure communication protocols of different protocol suites into said 
agent, wherein said splicing includes maintaining end to end security guarantees at said 
server. 

43. (Canceled) A computer program product comprising a computer usable medium 
having computer readable program code means embodied therein for providing secure 
communication on a network, the computer readable program code means in said computer 
program product further comprising computer readable program code means for causing a 
computer to effect: 

securely embedding an agent at a proxy in the network, and 

said agent performing at least one content adaptation function; 

splicing a plurality of secure communication protocols of different protocol suites into said 
agent. 

Claim 44. (Canceled) A computer program product comprising a computer usable 
medium having computer readable program code means embodied therein for providing secure 
communication on a network, the computer readable program code means in said computer 
program product further comprising computer readable program code means for causing a 
computer to effect : 

securely embedding an agent at a proxy in the network, and 

splicing a plurality of secure communication protocols of different protocol suites into said 
agent; 

maintaining a state of said splicing process resulting from said step of splicing, wherein 
said step of maintaining includes employing a storage device external to said proxy, and 
using cryptographic means to encrypt the state of a splicing process resulting from the step 
of splicing. 
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Claim 45 (Canceled) 



Claim 46 (Canceled) A computer program product comprising a computer usable medium having 
computer readable program code means embodied therein for providing network security to a 
network employing a proxy, the computer readable program code means in said computer 
program product comprising computer readable program code means for causing a computer to 
effect the steps of : 

embedding a trusted application in a secure coprocessor located at the site of a proxy; and 
delegating to a network infrastructure a task of enforcing a trust model. 

Claim 47 (Canceled) A computer program product as recited in claim 46, the computer readable 
program code means in said computer program product further comprising computer readable 
program code means for causing a computer to effect the step of guaranteeing that the application 
is trusted to enforce the trust model between at least one server and a plurality of clients. 

Claim 48 (Canceled) A computer program product as recited in claim 46, the computer readable 
program code means in said computer program product further comprising computer readable 
program code means for causing a computer to effect the step of assuring the tamper resistance of 
the application. 

Claim 49 (Canceled) A program storage device readable by machine, tangibly embodying a 
program of instructions executable by the machine to perform method steps for secure 
communication between a client and a server employing an untrusted proxy, said method steps 
comprising: 

embedding a coprocessor at the proxy; 

the proxy receiving a specific communication request from a client; 

the proxy forming an n-tuple for the specific communication; 

the proxy forwarding the n-tuple to the coprocessor; 

the coprocessor generating a response, including a directive, to the n-tuple; 

the coprocessor sending the response to the proxy, and 
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the proxy implementing the directive. 

Claim 50 (Canceled) A program storage device readable by machine as recited in claim 49, 
wherein the coprocessor is a secure coprocessor. 

Claim 51 (Canceled) A program storage device readable by machine as recited in claim 49, 
wherein the step of receiving includes: 

awaiting a connection request from a first client; 

creating an entiy in a storage module for the client; 

determining a sender of each received packet; 

retrieving a stored entry. 

Claim 52 (Canceled) A program storage device readable by machine as recited in claim 49, 
wherein the n-tuple includes a sender id, an entry from a storage module and the received packet. 

Claim 53 (Canceled) A program storage device readable by machine as recited in claim 49, 
wherein the client and the server can be either a sender or a receiver, and the step of generating 
includes employing a first protocol from the sender to the proxy and a second protocol from the 
proxy to the receiver and translating between the first and second protocols. 

Claim 54 (Canceled) A program storage device readable by machine as recited in claim 49, 
wherein the translating includes decrypting the received packet as specified by the security 
parameters negotiated as per the first protocol and encrypting the decrypted packet as specified by 
the security parameters of the second protocol. 

Claim 55 (Canceled) A program storage device readable by machine as recited in claim 49, 
wherein the translating includes modifying the received packet to meet constraints of the receiver 
and wherein the directive includes forwarding to the receiver the packet resulting from the step of 
modifying. 
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Claim 56 (Canceled) A program storage device readable by machine as recited in claim 55, said 
method steps further comprising the step of aggregating a plurality of packets into a group of 
packets and performing content adaptation on the group of packets. 

Claim 57 (Canceled) A program storage device readable by machine as recited in claim 49, 
wherein the communication between the client and the proxy employ protocols specified by the 
Wireless Application Protocol suite (WAP). 

Claim 58 (Canceled) A method as recited in claim 1 , further comprising the step of the 
coprocessor adapting content supplied by the server to fit constraints of the client and/or the 
connection links. 

Claim 59. (Previously presented) A method as recited in claim 7, wherein the splicing includes 
maintaining end to end security guarantees without a modification to a server involved in the 
communication. 
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